The company has reported security vulnerabilities in several products from its portfolio. Updates are available for the weaknesses, some of which are classified as critical risks. IT managers should check if they are using vulnerable systems and install the updates promptly.
According to Cisco, the most severe are vulnerabilities in Cisco Unified Contact Center Express (Unified CCX). Due to several vulnerabilities in the Java Remote Method Invocation (RMI) used within it, attackers from the network can execute arbitrary commands without prior authentication, escalate their privileges to “root,” bypass authentication, and upload arbitrary files – in other words, completely compromise the system (CVE-2025-20354, CVSS 9.8; CVE-2025-20358, CVSS 9.4; both risk “critical”). Cisco Unified CCX 12.5 SU3 ES07 and 15.0 ES01 patch the security holes.
Cisco classifies a vulnerability in the RADIUS server as high risk. The setting “Reject RADIUS requests from clients with repeated failures” in Cisco Identity Services Engine (ISE) allows unauthenticated attackers from the network to unexpectedly restart Cisco ISE, resulting in a denial of service (DoS). Attackers can trigger this with a specific sequence of manipulated RADIUS requests (CVE-2025-20343, CVSS 8.6, risk “high”). The setting is active by default. Cisco ISE 3.4 and earlier versions are affected; newer 3.5 versions are reportedly not vulnerable. Version 3.4 Patch 4 is said to resolve the problem.
Medium-severity vulnerabilities
In Cisco’s Unified Contact Center Express (Unified CCX), Cisco Unified Contact Center Enterprise (Unified CCE), Cisco Packaged Contact Center Enterprise (Packaged CCE), and Cisco Unified Intelligence Center (CUIC), authenticated attackers from the network can inject and execute arbitrary code, escalate their privileges to “root,” read sensitive information, and download arbitrary files (CVE-2025-20375, CVE-2025-20376; both CVSS 6.5; CVE-2025-20374, CVSS 4.9; all risk “medium”). The security advisory names the corrected software versions Cisco Unified CCX 12.5 SU3 ES07 and 15.0 ES01 as well as Cisco Unified Intelligence Center 15.0(01) ES202508; those still using version 12.6 or older should migrate to a supported version.
Finally, authenticated attackers from the network can read sensitive information or execute cross-site scripting attacks in Cisco’s Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) (CVE-2025-20303, CVE-2025-20304, CVSS 5.4; CVE-2025-20289, CVSS 4.8; CVE-2025-20305, CVSS 4.3; all risk “medium”). Cisco ISE releases 3.4 and older are vulnerable, while the newer 3.5 version is not. Those still using 3.1 should migrate to a supported version; for other development branches, versions 3.2 Patch 8 (in December 2025), 3.3 Patch 8 (in November 2025), and 3.4 Patch 4 close the security vulnerabilities.
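The advisories summarised above boil down to a handful of fixed release strings (Unified CCX 12.5 SU3 ES07 and 15.0 ES01; ISE 3.2 Patch 8, 3.3 Patch 8 and 3.4 Patch 4), and the practical question for an administrator is whether each running instance meets them. The following is an added example, not code from the article or from Cisco: it parses version strings of the form shown on the page into comparable tuples and reports, per host, whether the running release is at or above the fix for its train. The version-string grammar, the `FIXED_*` lists as lookup tables, and the sample inventory with its hostnames are assumptions constructed for the example.

```python
import re

# Fixed releases named in the advisories summarised above (taken from the page).
FIXED_UNIFIED_CCX = ["12.5 SU3 ES07", "15.0 ES01"]
FIXED_ISE = ["3.2 Patch 8", "3.3 Patch 8", "3.4 Patch 4"]

# Assumed version-string grammar (an assumption for this example, not a Cisco
# specification):
#   "<major>.<minor>[ SU<n>][ ES<n>]"   e.g. "12.5 SU3 ES07"
#   "<major>.<minor>[ Patch <n>]"       e.g. "3.4 Patch 4"
# A missing SU/ES/Patch component counts as 0, so "3.4" sorts below "3.4 Patch 4".
_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?:\s+SU(?P<su>\d+))?"
    r"(?:\s+(?:ES|Patch\s*)(?P<fix>\d+))?$"
)


def parse_version(text):
    """Turn a version string into a comparable (major, minor, su, fix) tuple."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(m.group(g) or 0) for g in ("major", "minor", "su", "fix"))


def check_version(running, fixed_releases):
    """Compare a running version against the fixed releases of the same train.

    Returns "patched", "vulnerable", or "no fixed release named for this train".
    The last case covers trains the advisories tell you to migrate away from
    (Unified CCX 12.6 and older, ISE 3.1) as well as trains the article does not
    list at all (including ISE 3.5, which it describes as not affected); those
    need a manual decision rather than a version comparison.
    """
    run = parse_version(running)
    fixes = [parse_version(f) for f in fixed_releases]
    same_train = [f for f in fixes if f[:2] == run[:2]]
    if not same_train:
        return "no fixed release named for this train"
    return "patched" if run >= min(same_train) else "vulnerable"


def report(inventory):
    """Evaluate an inventory of (hostname, product, version) entries."""
    fixed_for = {"Unified CCX": FIXED_UNIFIED_CCX, "ISE": FIXED_ISE}
    return {host: check_version(ver, fixed_for[product])
            for host, product, ver in inventory}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and running versions are made up.
    sample = [
        ("ccx-01.example.invalid", "Unified CCX", "12.5 SU3 ES06"),
        ("ccx-02.example.invalid", "Unified CCX", "15.0 ES01"),
        ("ise-01.example.invalid", "ISE", "3.4 Patch 3"),
        ("ise-02.example.invalid", "ISE", "3.1 Patch 9"),
    ]
    for host, status in report(sample).items():
        print(f"{host}: {status}")
```

The tuple comparison is what makes the check robust: a service update (SU) outranks any engineering special (ES) number, so 12.5 SU2 ES09 is still reported as vulnerable against the 12.5 SU3 ES07 fix. Anything the script flags as "no fixed release named for this train" should be read as "consult the advisory", not as safe.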
Cisco vulnerabilities are a lucrative target for cybercriminals, as exploiting them usually grants access to organizations’ networks. For example, attacks on a security vulnerability from 2023 are still being observed; they currently infect around 15,000 Cisco devices worldwide with the malware “BadCandy.”
(dmk)
This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.